Merge branch 'master' of github.com:MISP/misp-modules into tests

2019-10-17 10:46:32 +02:00 · 2019-10-17 10:46:32 +02:00 · 0555cdaedf
parent 9f7f11107c d740abe74b
commit 0555cdaedf
1 changed files with 11 additions and 9 deletions
--- a/misp_modules/modules/expansion/threatminer.py
+++ b/misp_modules/modules/expansion/threatminer.py
@ -13,23 +13,25 @@ moduleinfo = {'version': '1', 'author': 'KX499',
              'description': 'Get information from ThreatMiner',
              'module-type': ['expansion']}

+
 class ThreatMiner():
    def __init__(self):
        self.results = defaultdict(set)
        self.comment = '{}: Threatminer - {}'
        self.types_mapping = {'domain': '_get_domain', 'hostname': '_get_domain',
-                                'ip-dst': '_get_ip', 'ip-src': '_get_ip',
-                                'md5': '_get_hash', 'sha1': '_get_hash',
-                                'sha256': '_get_hash', 'sha512': '_get_hash'}
+                              'ip-dst': '_get_ip', 'ip-src': '_get_ip',
+                              'md5': '_get_hash', 'sha1': '_get_hash',
+                              'sha256': '_get_hash', 'sha512': '_get_hash'}

    @property
    def parsed_results(self):
        to_return = []
        for key, values in self.results.items():
-            input_value, comment = key[:2]
-            types = [k for k in key[2:]]
-            to_return.append({'types': types, 'values': list(values),
-                              'comment': self.comment.format(input_value, comment)})
+            if values:
+                input_value, comment = key[:2]
+                types = [k for k in key[2:]]
+                to_return.append({'types': types, 'values': list(values),
+                                  'comment': self.comment.format(input_value, comment)})
        return to_return

    def parse_query(self, request):
@ -82,7 +84,7 @@ class ThreatMiner():
        self.results[(q, comment, 'domain')].update({result for result in results if isinstance(result, str)})

    def _add_filename(self, results, q, comment):
-        self.results[(q, comment, 'filename')].update({result['filename'] for result in results if result.get('file_name')})
+        self.results[(q, comment, 'filename')].update({result['file_name'] for result in results if result.get('file_name')})

    def _add_hash(self, results, q, comment):
        self.results[(q, comment, 'sha256')].update({result for result in results if isinstance(result, str)})
@ -118,7 +120,7 @@ class ThreatMiner():
                self.results[(q, comment, 'whois-registrant-email')].update({email for em_type, email in emails.items() if em_type == 'registrant' and email})

    def _add_x509(self, results, q, comment):
-        self.results[(q, 'x509-fingerprint-sha1')].update({result for result in results if isinstance(result, str)})
+        self.results[(q, comment, 'x509-fingerprint-sha1')].update({result for result in results if isinstance(result, str)})


 def handler(q=False):